Abstract of EP0552392

The method specified complements the challenge and response method for mutual 
authentication of a chip card (CHK) and of a terminal (T). A terminal-specific key 
(KC2, KT2) is calculated with the aid of identity characteristics (ID) for the terminal 
(T), the current application and the security module located in the terminal (T), a 
coding function (FCY, FTY) and the chip-card-specific key (KC1, KT1) prior to
authenticity testing of the terminal (T). The identity characteristics (ID) are signalled 
visually and/or acoustically to the chip-card user after successful conclusion of the 
authenticity test. 

Description

The invention relates to a method for mutual authentication of a chip
card and a terminal by means of the challenge and response method.
Usually, the chip card initially authenticates itself with respect to
the terminal. The chip card transmits its chip card identity number to
the terminal. The latter calculates from the chip card identity number
a first terminal code, which is identical to a first chip card code
stored in the chip card if symmetric cryptographic algorithms are used.
The terminal then generates a first random number, transmits it to the
chip card and the terminal encodes the first random number in just the
same way as the chip card. As the result of the encoding, a first
acknowledgement parameter is present both in the chip card and in the
terminal. These two acknowledgement parameters are compared in the
terminal. In the case of a positive comparison result, the chip card is
authentic.

For the authentication of the terminal with respect to the chip card,
the procedure described above takes place with the roles reversed. The
first code, already known to both parties, is used for the encoding on
both sides of a random number generated by the chip card. The second
acknowledgement parameters produced as a result are compared in the
chip card. In the case of a positive comparison result, the terminal is
also authentic (EP-A-0 388 700 and IT Informationstechnik, Vol. 32,
No. 1, February 1990, Munich, pages 64 - 67, XP000095908, G. Kunde,
D. Kruse 'Der neue Flughafen München - Sicherheit durch Chipkarten'
[The new Munich airport - security through chip cards]).

The chip card consequently does indeed obtain certainty as to whether
the terminal to which it is connected is authentic. However, the chip
card does not obtain any knowledge as to which of many possible
terminals it is. Although this lack of information could be overcome,
for example, by transmitting a terminal number to the chip card, such
information transmission may compromise security, for example by
disclosing the identity characteristic to third parties. The user of
the chip card cannot convince himself of the authenticity of the
terminal, since the user obtains either no information or only
subjective information that the authenticity check has proceeded
successfully.

The object underlying the present invention is to permit a reliable
identification of all security-relevant elements of a terminal with
respect to a chip card and, in addition, to give the user of the chip
card the possibility of convincing himself objectively of the
authenticity of the terminal.

This object is achieved according to the invention by the features
specified in Patent Claim 1.

According to the method specified in Patent Claim 1, the identity
characteristic or characteristics which are assigned to the terminal T
are included in the mutual authentication process based on the
challenge and response method. Not only is a chip-card-specific code
used, but this chip-card-specific code is used for generating a second
terminal-specific and chip-card-specific code. This ensures a unique
and reliable identification, inclusive of an authentication of all the
elements of the terminal whose characteristics are a component part of
the identity characteristic transmitted to the chip card.

If the first and the second acknowledgement parameters match, the
identity characteristics assigned to the terminal and/or an information
item representing these identity characteristics is indicated optically
and/or acoustically. This indication takes place on an indicating unit.
This indicating unit may be a loudspeaker, a liquid-crystal display or
the like.

By such an indication, the chip card user can convince himself that the
terminal has been neither manipulated nor simulated. This is made
easier for the user if the information item representing the identity
characteristics is a word which is uniquely assigned to the identity
characteristic or characteristics. The trustworthiness of the terminal
is demonstrated for the chip card user by the indication.

According to a further development of the invention, the result
indicated must be acknowledged. This acknowledgement takes place, for
example, by pressing a key or by the elapse of an adequately long time.

According to a refinement and development of the invention, in the
terminal there is integrated a security module, the security identity
characteristic of which is transmitted together with a terminal
identity characteristic to the chip card. These two identity
characteristics form the identity characteristic assigned to the
terminal. The chip card consequently also obtains safeguarded and
authentic information on which security module is currently integrated
in the terminal.

According to a further development of the invention, an application
identity characteristic is transmitted together with the identity
characteristic, assigned to the terminal, to the chip card. The
identity characteristic is thus extended by an application identity
characteristic. Consequently, it is also possible for the chip card to
identify uniquely the application running in the terminal in
conjunction with the chip card and check its authenticity.

According to a further development and refinement of the invention,
from the point in time of the transmission or the entry of a personal
identification number from or into the terminal, any indication on the
terminal side is prevented. This prevention of any indication is not
lifted again until after indication of the identity characteristics
and/or of the information item representing these identity
characteristics. Consequently, until authenticity has been established
by the chip card, the indicating unit of the terminal cannot be
activated from the terminal side. An indication of manipulated
information is thus effectively prevented.

According to a further refinement and development of the invention, the
data to be exchanged between chip card and terminal are passed via a
chip card terminal arranged between chip card and terminal. The
identity characteristics assigned to the terminal and/or an information
item representing these identity characteristics is [sic] indicated
with the aid of the indicating unit arranged on the chip card terminal.
This indication is acknowledged by an actuation on the user side of the
keyboard arranged on the chip card terminal. By this refinement and
development of the invention, additional protection against
manipulation of the indicating unit of the terminal is achieved on
account of the spatial separation of the chip card terminal and the
terminal. The chip card terminal can be additionally requested by the
chip card to authenticate itself with respect to the chip card
independently of the terminal itself. This additional possibility makes
it clear that, seen in terms of security technology, the chip card
terminal is assigned to the chip card. In this case, the chip card
terminal acts in particular as a trustworthy interface between the chip
card and the chip card user. The same trustworthiness can be achieved
only with great effort if the functions of the chip card terminal are
integrated in the terminal.

According to a further development and refinement of the invention, a
check of the entered personal identification number is carried out
before each mutual authentication of the chip card and the terminal.
This ensures that an indication on the indicating unit is always
prevented during the procedure for the mutual authentication of chip
card and terminal, even if the chip card is suitable for a plurality of
different applications. It does admittedly follow from this that a
global check of the personal identification number for a plurality of
applications is not possible. However, this disadvantage is more than
offset by the gain in security.

Further advantageous refinements and developments are specified in
further subclaims. The invention we [sic] explained in more detail
below with reference to the drawing, in which:

FIG 1 shows the flow chart according to the invention based on the
      challenge and response method,
FIG 2 shows a diagrammatically represented arrangement of a chip card,
      of a chip card terminal and of a central computer, and
FIG 3 shows an arrangement according to FIG 2, in which the chip card
      terminal is integrated with a computer station in a terminal.

In the following exemplary embodiment, the method according to the
invention, as represented in Figure 1, is described. Used in this case
as communication partners are a terminal T and a chip card CHK. The
terminal T in this case comprises all the units outside the chip
card CHK. Such units are, for example, a chip card terminal CKT, a
central computer HOST, a computer station CPU, and line systems L.

The chip card terminal CKT forms the interface both between the chip
card CHK and the central computer HOST and between the chip card CHK
and the chip card user. Integrated in the chip card terminal CKT are an
indicating unit DISP and an entry key block TAS.

In Figure 2, the chip card terminal CKT is a single unit, which is
connected via the line system L to the central computer HOST. In
Figure 3, the chip card terminal CKT may be both a single unit and a
unit which is integrated together with the computer station CPU in the
terminal T.

Whichever physical form the chip card terminal CKT takes - what is
important for the method according to the invention is the absolute
trustworthiness of the units implemented in the chip card terminal CKT,
namely the indicating unit DISP DISP [sic] and the keyboard TAS.

The exemplary embodiment describes the challenge and response method
using symmetric cryptographic algorithms. However, the method according
to the invention can similarly be carried out with asymmetrical
cryptographic algorithms. All that is necessary for this purpose is for
the functions used and the codes used to be adapted to correspond to
the requirements of the asymmetric cryptographic method.

In Figure 1, entered to the left of a dash-dotted line are the method
steps which take place in the chip card CHK, represented to the right
of the dash-dotted line are the method steps which take place in the
terminal T, and there in particular in a security module. After
connecting the chip card CHK to the terminal T, a chip card user enters
a personal identification number PIN with the aid of the keypad TAS of
the terminal. After this entry, any indication on the indicating
unit DISP of the terminal T is prevented. The personal identification
number PIN is transmitted to the chip card CHK for comparison purposes.
In the case of a positive comparison result, the chip card CHK
transmits its chip card identity number CID and an application
command ADF, identifying the desired application, to the terminal T. In
the terminal T, a first terminal code KT1 is calculated with the aid of
the data received, a code K stored in the terminal T and an
algorithm FTW. This first terminal code KT1 corresponds to the first
chip card code KC1 stored in the chip card CHK.

In the terminal T, a first random number V1 is generated and
transmitted to the chip card CHK. Both in the chip card CHK and in the
terminal T, first acknowledgement parameters APC1, APT1 are then
calculated. This takes place on the chip card CHK side with the aid of
the first random number V1, the first chip card code KC1 and a first
chip card function FCX. The first chip card function FCX corresponds to
a first terminal function FTX.

The terminal T calculates a first terminal acknowledgement
parameter APT1 with the aid of the first random number V1, the first
terminal code KT1 and the first terminal function FTX. The first chip
card acknowledgement parameter APC1, calculated by the chip card CHK,
is transmitted to the terminal T and compared there with the first
terminal acknowledgement parameter APT1. In the case of a negative
comparison result, the method is abnormally terminated, since then the
chip card CHK is not authentic.

Before the authenticity of the terminal T is then also checked with
respect to the chip card CHK, the chip card CHK calculates a second
chip card code KC2 and the terminal T calculates a second terminal
code KT2. In the chip card CHK, this takes place after transmitting
identity characteristics ID, assigned to the terminal T, to the chip
card CHK. The chip card CHK forms the second chip card code KC2 from
the identity characteristics ID and the first chip card code KC1 with
the aid of a second chip card function FCY. The terminal T determines
the second terminal code KT2 from the identity characteristics ID, the
first terminal code KT1 and a second terminal function FTY. The second
chip card function FCY and the second terminal function FTY are
identical.

The identity characteristics ID assigned to the terminal T are a
security identity characteristic SID, a terminal identity
characteristic TID and an application identity characteristic AID. The
security identity characteristic SID uniquely designates a specific
security module. The terminal identity characteristic TID uniquely
designates a specific terminal T. Similarly, the application identity
characteristic AID uniquely designates a specific, currently running
application. The second codes KC2, KT2 in the chip card CHK and in the
terminal T accordingly change if the application is changed, if a
different security module is integrated into the terminal T, or if a
connection is made to a different terminal T.

Before the identity characteristic ID is transmitted from the
terminal T to the chip card CHK, this identity characteristic ID can be
additionally safeguarded with the aid of a "Message Authentification
[sic] Code".

For the authentication of the terminal T with respect to the chip
card CHK, the chip card CHK then generates a second random number V2
and transmits it to the terminal T. The terminal T calculates a second
terminal acknowledgement parameter APT2 with the aid of a third
terminal function FTZ, the second terminal code KT2 and the second
random number V2 and transmits it to the chip card CHK. The chip card
calculates a second chip card acknowledgement parameter APC2 from the
second chip card code KC2, the second random number V2 and a third chip
card function FCZ. The second acknowledgement parameters AP2 are
compared in the chip card CHK. In the case of a positive comparison
result, the identity characteristics ID are transmitted from the chip
card CHK to the terminal T and indicated with the aid of the indicating
unit DISP of the terminal T. This indication takes place in the form of
an information item representing the identity characteristics ID. This
information item - for example a specific word - is uniquely assigned
to the triplet comprising security identity characteristic SID,
terminal identity characteristic TID and application identity
characteristic AID. If the chip card user recognizes this word as
correct, then for him the terminal T is objectively authentic.
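
The two-stage exchange described above can be traced in a short simulation. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified functions FTW, FCX/FTX, FCY/FTY and FCZ/FTZ, and the class names, the `announced_ids` parameter and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def keyed(label: bytes, key: bytes, *parts: bytes) -> bytes:
    """Stand-in for the patent's unspecified functions (assumption: HMAC-SHA256).
    Each part is length-prefixed so that field boundaries cannot be shifted."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


class Card:
    """Chip card CHK: stores CID, ADF, PIN and the first chip card code KC1."""

    def __init__(self, cid: bytes, adf: bytes, kc1: bytes, pin: str):
        self.cid, self.adf, self.kc1, self.pin = cid, adf, kc1, pin

    def apc1(self, v1: bytes) -> bytes:
        return keyed(b"X", self.kc1, v1)            # FCX(KC1, V1) -> APC1

    def check_terminal(self, ids: tuple, v2: bytes, apt2: bytes) -> bool:
        kc2 = keyed(b"Y", self.kc1, *ids)           # FCY(ID, KC1) -> KC2
        apc2 = keyed(b"Z", kc2, v2)                 # FCZ(KC2, V2) -> APC2
        return hmac.compare_digest(apc2, apt2)      # comparison in the card


class Terminal:
    """Terminal T; its security module holds the code K and its own SID/TID/AID."""

    def __init__(self, k: bytes, sid: bytes, tid: bytes, aid: bytes):
        self.k, self.ids = k, (sid, tid, aid)
        self.display_locked = False
        self.display = None

    def kt1(self, cid: bytes, adf: bytes) -> bytes:
        return keyed(b"W", self.k, cid, adf)        # FTW(K, CID, ADF) -> KT1

    def apt2(self, kt1: bytes, v2: bytes) -> bytes:
        kt2 = keyed(b"Y", kt1, *self.ids)           # FTY(ID, KT1) -> KT2
        return keyed(b"Z", kt2, v2)                 # FTZ(KT2, V2) -> APT2


def mutual_auth(card, term, pin, announced_ids=None):
    """Run the flow of Figure 1. announced_ids models the ID as it reaches
    the card; None means it arrives unmodified."""
    term.display_locked, term.display = True, None  # PIN entry blocks DISP
    if not hmac.compare_digest(pin, card.pin):
        return "pin rejected"
    kt1 = term.kt1(card.cid, card.adf)
    v1 = secrets.token_bytes(16)                    # first random number V1
    apt1 = keyed(b"X", kt1, v1)                     # FTX(KT1, V1) -> APT1
    if not hmac.compare_digest(card.apc1(v1), apt1):
        return "card not authentic"                 # comparison in the terminal
    ids = announced_ids or term.ids
    v2 = secrets.token_bytes(16)                    # second random number V2
    if not card.check_terminal(ids, v2, term.apt2(kt1, v2)):
        return "terminal not authentic"             # DISP stays blocked
    term.display, term.display_locked = ids, False  # card releases ID to DISP
    return "mutually authenticated"


# Constructed sample values (not from the patent).
K = bytes(range(32))
CID, ADF = b"CID-0001", b"ADF-PAY"
IDS = (b"SID-17", b"TID-42", b"AID-PAY")


def make_card(kc1=None):
    return Card(CID, ADF, kc1 or keyed(b"W", K, CID, ADF), "1234")


if __name__ == "__main__":
    print(mutual_auth(make_card(), Terminal(K, *IDS), "1234"))
    # ID altered between security module and card: KC2 and KT2 diverge.
    forged = (b"SID-17", b"TID-42", b"AID-ADMIN")
    print(mutual_auth(make_card(), Terminal(K, *IDS), "1234", forged))
    # Different security module than the one announced to the card.
    swapped = Terminal(K, b"SID-99", b"TID-42", b"AID-PAY")
    print(mutual_auth(make_card(), swapped, "1234", IDS))
```

Because KC2 and KT2 are derived from the SID/TID/AID triplet, any mismatch between the identity the card was told and the identity the security module actually used surfaces as a failed APT2 comparison, and the display is never released.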

The notification of the result of the authenticity check may, however,
also take place directly through the chip card CHK. A precondition for
this is that the chip card has an indicating unit DISP, such as for
example light-emitting diodes, an acoustic signal generator, which for
example is able to emit specific sound sequences, or a liquid-crystal
display.

With the indication of the information item representing the identity
characteristics ID, the indicating unit DISP is enabled again for the
indication of other items of information. If an acknowledgement of the
indicated identity characteristics ID by the chip card user is
envisaged, the enabling of the indicating unit DISP does not take place
until after this acknowledgement.